Connect-CMS Improper Authorization Vulnerability in Page Content Retrieval Allowing Information Disclosure
Vulnerability
An improper authorization vulnerability has been identified in Connect-CMS, a content management system. This issue affects versions 1.x prior to 1.41.0 and 2.x prior to 2.41.0. The vulnerability arises from insufficient authorization checks in the page content retrieval feature, which may allow unauthorized access to non-public information. Exploitation of this vulnerability could result in the disclosure of content and attachments from private pages to third parties.
Impact
Exploitation of this vulnerability could lead to unauthorized retrieval of content and attachments from non-public pages.
Remediation
Users should update to version 1.41.1 or later for the 1.x series, and to version 2.41.1 or later for the 2.x series.
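A triage check built from the version numbers above, as an added example that is not part of the advisory or the Connect-CMS project. It classifies an installed version as affected (below 1.41.0 or 2.41.0), below the advised release (for example 1.41.0), or at or above the advised release (1.41.1 or 2.41.1). The hostnames and versions in the inventory are constructed, and collecting the installed version from each site is assumed to happen elsewhere.

```python
import re

# Thresholds taken from the advisory text: affected ranges and advised releases.
AFFECTED_BELOW = {1: (1, 41, 0), 2: (2, 41, 0)}
RECOMMENDED = {1: (1, 41, 1), 2: (2, 41, 1)}


def parse_version(text):
    """Parse 'v1.40.2' or '2.41.0' into a tuple of three ints."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p or 0) for p in m.groups())


def classify(version_text):
    """Return 'affected', 'below-recommended', 'patched' or 'out-of-scope'."""
    version = parse_version(version_text)
    series = version[0]
    if series not in AFFECTED_BELOW:
        return "out-of-scope"  # the advisory only covers 1.x and 2.x
    if version < AFFECTED_BELOW[series]:
        return "affected"
    if version < RECOMMENDED[series]:
        return "below-recommended"  # outside the affected range, not yet at the advised release
    return "patched"


def triage(inventory):
    """Map each site to its status; unparseable versions are flagged for manual review."""
    report = {}
    for site, version_text in inventory.items():
        try:
            report[site] = classify(version_text)
        except ValueError:
            report[site] = "unknown"
    return report


# Constructed inventory (hypothetical hostnames and versions, for illustration only).
SAMPLE_INVENTORY = {
    "intranet.example.org": "1.40.3",
    "www.example.org": "2.41.0",
    "docs.example.org": "v2.41.1",
    "legacy.example.org": "unknown-build",
}

if __name__ == "__main__":
    for site, status in triage(SAMPLE_INVENTORY).items():
        print(f"{site}: {status}")
```

Versions are compared as integer tuples, so 1.9.12 sorts below 1.41.0 where a string comparison would not.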
